For two years, University of Iowa Hospitals and Clinics inadvertently posted online the names, admission dates and medical records numbers of more than 5,000 patients, according to a UI Health Care news release Tuesday.

In May 2015, "a limited set of data containing protected health information" of about 5,300 patients at UIHC was "inadvertently saved in unencrypted files that were posted online through an application development site," according to the release.

UIHC officials first learned about the posted protected information when it was reported April 29 by "an individual who is an expert in online security," Tom Moore, a UIHC spokesman, said via email. The files were deleted two days later.

"To our knowledge, the files had limited views," Moore said. "The website where it was posted reported that the files were not copied by anyone."

The posted files did not contain clinical information, Social Security numbers, credit card numbers or other financial information, Moore said.

UIHC sent letters June 22 to all affected patients and encouraged them to monitor closely any "Explanation of Benefits" sent by their insurance company or whatever other entity pays their medical bills.

"UI Health Care understands the serious nature of any potential breach — no matter how limited — so it has conducted a thorough investigation, identified and mitigated the risks, and strengthened its training and information oversight efforts to prevent a similar occurrence," the release states. "UI Health Care values patient privacy and deeply regrets any inconvenience this may have caused patients and their families."

Moore said UIHC is taking the following measures to prevent similar incidents:

Tightening the process for the development and management of custom databases.

Educating staff and students about how and when to use the tools designed to store and move sensitive data sets.

Enhancing employee training on data privacy for all who develop applications.

Patients should call 800-654-5672 or email compliance@uiowa.edu to learn whether their information was included in the breach.